Nødro

Privacy Policy

Last updated: May 10, 2026

This Privacy Policy ("Policy") describes how Nødro LLC ("Nødro," "we," "us," or "our"), a Washington limited liability company, collects, uses, discloses, and protects personal information when you access or use the Nødro platform, website, and related services (collectively, the "Services"). By using the Services, you acknowledge that you have read and understood this Policy.

1. Our Core Promise

We do not sell your personal information. We collect only what is necessary to deliver and improve our Services. We do not engage in targeted advertising, interest-based advertising, or behavioral advertising based on personal data. We do not monetize your information by selling it to data brokers, information resellers, or any other third parties.

2. Scope of This Policy

This Policy applies to all individuals who interact with our Services, including registered users who create accounts ("Users") and individuals who book meetings through a User's scheduling page without creating an account ("Guests"). Where our data practices differ between Users and Guests, we note the distinction below.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Registration (Users): When you create an account, we collect your email address, first name, last name, username, and authentication credentials. Account creation requires a valid invite code, although registration is open to the public.
  • Profile Information (Users): You may optionally provide a phone number (verified via SMS one-time passcode) and upload a profile photo (avatar image).
  • Scheduling Preferences (Users): Your availability settings, timezone, default meeting duration, cooldown periods, advance booking limits, minimum notice requirements, conferencing preferences, and notification preferences.
  • Booking Information (Guests):When you book a meeting through a User's scheduling page, we collect your email address, timezone, and optionally your name and a message or note. Guest data is collected without account creation.

3.2 Information from Third-Party Services

When you connect third-party accounts, we collect and process information as follows:

  • Google: We access your Google profile information (name, email, profile picture) for authentication. With your explicit consent, we access your Google Calendar data, including calendar event titles, start/end times, attendee lists, all-day event status, and your primary calendar identifier. We request the following OAuth scopes: email, profile, openid, calendar.events, and calendar.calendarlist.readonly.
  • Microsoft: We access your Microsoft profile information (name, email) for authentication. With your explicit consent, we access your Outlook Calendar data, including calendar event details, attendee information, default calendar identification, and calendar owner details. We request the following OAuth scopes: email, profile, openid, offline_access, and Calendars.ReadWrite.
  • Zoom: We access your Zoom profile information (email) for authentication and meeting management. With your explicit consent, we create, read, and delete Zoom meetings on your behalf, including meeting join URLs and meeting metadata. We request the following OAuth scopes: user:read:user, meeting:write:meeting, meeting:read:meeting, and meeting:delete:meeting.

3.3 Information Collected Automatically

  • Technical Data: IP address, browser type and version, device identifiers, operating system, referring URLs, and timestamps of access.
  • Session Data: We collect session information including IP address and user agent string, which are stored with your authenticated session record.
  • Session Recordings: We use session replay technology to record your interactions with the Services, including mouse movements, clicks, scrolls, page navigation, DOM interactions, and keystrokes. These recordings are associated with your user ID when you are authenticated. Session recordings are used solely for debugging, improving user experience, and identifying technical issues. Session recordings are not collected in development environments.
  • Geolocation Data: We infer your approximate geographic location and timezone from your IP address for the purpose of configuring your default scheduling timezone.

4. How We Use Personal Information

We use personal information solely for the following purposes:

  • Provide, operate, maintain, and improve the Services, including creating and managing calendar events and bookings.
  • Facilitate scheduling, including determining availability, preventing double-bookings, and creating virtual meeting rooms.
  • Synchronize calendar data between connected third-party calendar providers and the Services.
  • Send transactional communications, including meeting confirmations, cancellation notices, upcoming meeting reminders, and account verification codes.
  • Send SMS notifications when you have opted into SMS alerts and provided a verified phone number.
  • Authenticate users, verify identities, and prevent fraud, abuse, and unauthorized access.
  • Analyze usage patterns through session recordings to identify bugs, improve performance, and enhance user experience.
  • Comply with legal obligations, respond to lawful requests, and enforce our Terms of Use.

We do not use your data for:

  • Targeted, personalized, or interest-based advertising.
  • Training artificial intelligence or machine learning models.
  • Selling to data brokers, information resellers, or any third parties.
  • Determining creditworthiness, insurance eligibility, or for lending purposes.
  • Profiling for automated decision-making that produces legal or similarly significant effects.

5. Cookies & Tracking Technologies

We use the following technologies:

  • Essential Cookies: Strictly necessary cookies required for authentication, session management, and core platform functionality. These cookies cannot be disabled without impairing the Services.
  • Session Replay: We deploy session replay technology that records user interactions with the Services. This technology captures mouse movements, clicks, scrolls, page navigation, form interactions, and keystrokes. Recordings are tied to authenticated user IDs and are used exclusively for product improvement, debugging, and quality assurance.

We do not use advertising cookies, third-party tracking pixels, or social media cookies. You can control cookie behavior through your browser settings; however, disabling essential cookies may impair your ability to use the Services.

Do-Not-Track Signals:We honor Do-Not-Track ("DNT") browser signals. When we detect a DNT signal, we limit data collection to what is strictly necessary for the operation of the Services.

6. Data Sharing & Disclosure

We share personal information only in the following limited circumstances:

  • Infrastructure & Service Providers: With trusted third-party vendors who provide cloud hosting, database management, content delivery, file storage, email delivery, SMS delivery, and session analytics services. These providers process data on our behalf under contractual confidentiality and data protection obligations and are prohibited from using your data for their own purposes.
  • Third-Party Calendar & Conferencing Providers:When you connect Google, Microsoft, or Zoom accounts, we transmit scheduling data (event details, attendee information, meeting metadata) to those providers as necessary to create, update, and delete calendar events and virtual meetings on your behalf. These transmissions are governed by the respective provider's own privacy policies.
  • Meeting Participants: When a booking is made, limited information (name, email, meeting time, conferencing details) is shared between the User and the Guest for the purpose of facilitating the scheduled meeting.
  • Legal & Safety: When required to comply with applicable law, valid legal process, or governmental request; to protect the rights, safety, property, or security of Nødro, our Users, or the public; to detect, prevent, or address fraud, security, or technical issues; or to enforce our Terms of Use.
  • Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction, subject to standard confidentiality protections. We will notify you of any such transfer and any choices you may have regarding your information.

We do not share data received from third-party service providers (such as Google, Microsoft, or Zoom) with any additional third parties, except as necessary to provide the user-facing features of our Services or as required by law.

7. Data Storage & Security

All personal data is stored on servers located in the United States (US-East region). We implement administrative, technical, and organizational safeguards designed to protect personal information, including:

  • Encryption of data in transit using TLS/SSL protocols.
  • Encryption of data at rest for stored databases and file storage.
  • Access controls and authentication mechanisms for internal systems.
  • Regular monitoring for unauthorized access and security vulnerabilities.
  • OAuth token management with refresh token rotation for third-party integrations.

While we take security seriously and employ industry-standard practices, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

8. Data Retention

We retain personal information for as long as your account remains active and as necessary to fulfill the purposes described in this Policy. Specifically:

  • Account data is retained for the duration of your account and for a reasonable period after account deletion, as required by applicable law.
  • Booking records are retained for as long as necessary for business, legal, tax, or regulatory purposes. Canceled bookings are soft-deleted (marked as deleted) but retained for record-keeping.
  • Calendar event data is retained as long as the associated calendar connection is active and is deleted when you disconnect a calendar provider.
  • Session recordingsare retained in accordance with our session replay provider's retention policies.
  • Email delivery logs (bounce, complaint, delivery, and send events) are retained for email deliverability management and compliance purposes.

When data is no longer required for any lawful purpose, we will delete or effectively anonymize it.

9. Third-Party Service Provider Data Policies

  • Google: Nødro's use and transfer to any other app of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. We access Google Calendar data solely to provide scheduling functionality and do not use this data for any other purpose.
  • Microsoft:Nødro's access to and use of data obtained from Microsoft services is performed in compliance with Microsoft's applicable data protection and privacy requirements. We access Outlook Calendar data solely to provide scheduling functionality and do not use this data for any other purpose.
  • Zoom:Nødro's access to and use of data obtained from Zoom services is performed in compliance with Zoom's Marketplace Developer Agreement and applicable data protection requirements. We access Zoom meeting data solely to create, manage, and delete meetings on your behalf.

10. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information under applicable state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, the Delaware Personal Data Privacy Act, the Iowa Consumer Data Protection Act, the Nebraska Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Tennessee Information Protection Act, the Indiana Consumer Data Protection Act, and the Minnesota Consumer Data Privacy Act.

Subject to applicable law, you may have the right to:

  • Access: Request confirmation of whether we process your personal information and obtain a copy of the specific personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions required by law.
  • Portability: Receive your personal information in a portable and, to the extent technically feasible, readily usable format.
  • Opt-Out of Sale or Sharing: Although we do not sell personal information or share it for cross-context behavioral advertising, you have the right to direct us not to do so.
  • Opt-Out of Profiling: Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in such profiling.
  • Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment.

How to exercise your rights: You may submit a request by contacting us at support@nodro.com. We will verify your identity before fulfilling your request by matching the information you provide against what we have on file. We will respond to verifiable requests within the timeframe required by applicable law (generally 45 days, with extensions as permitted). If your request is denied, you may appeal our decision by contacting us at the same email address. If your appeal is denied, you may contact your state's attorney general.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require the authorized agent to provide written proof of authorization and may independently verify your identity.

11. Communication Preferences

We send the following types of communications:

  • Transactional Emails: Meeting confirmations, cancellation notices, and upcoming meeting reminders sent to both Users and Guests. These are necessary for the operation of the Services and cannot be opted out of.
  • SMS Notifications: Meeting-related SMS alerts sent to Users who have provided a verified phone number. You can enable or disable SMS notifications at any time from your Account settings page within the Services. You may also disable individual notification types (e.g., upcoming meeting reminders) separately for email and SMS channels.
  • Verification Codes: One-time passcodes sent via email (for account sign-in) or SMS (for phone number verification). These are essential security communications and cannot be opted out of.

12. Children's Privacy

The Services are not intended for use by individuals under the age of thirteen (13). We do not knowingly collect, use, or disclose personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take prompt steps to delete such information. If you believe a child under 13 has provided us with personal information, please contact us at support@nodro.com.

13. International Users

Nødro is operated from and all data is stored within the United States. The Services are not directed at individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, and we do not intentionally collect data from individuals in those jurisdictions. If you access the Services from outside the United States, you acknowledge and consent to the transfer, processing, and storage of your information in the United States, where data protection laws may differ from those in your jurisdiction.

14. Account Deletion

You may request deletion of your account and associated personal information by contacting us at support@nodro.com. Upon receiving a verified deletion request, we will delete or anonymize your personal information, except for data we are required or permitted to retain under applicable law (including but not limited to legal, tax, regulatory, or compliance obligations). Connected third-party accounts (Google, Microsoft, Zoom) will be unlinked, but you must separately revoke Nødro's access through each provider's account settings. Deletion of your account will also remove your associated calendar connections, scheduling preferences, and profile information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last updated" date. If we make material changes that significantly affect how we handle your personal information, we will provide notice through the Services or by other appropriate means prior to the change becoming effective. Your continued use of the Services after the updated Policy is posted constitutes your acceptance of the revised Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@nodro.com.